'Maximum login attempts exceeded' error for Policy Manager login

book

Article ID: 6374

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

When Policy manager encounters error, while login as administrator user and the maximum login attempts exceeded: 

"Maximum login attempts exceeded, please try again later"

Environment

Release: L7SMG299000-7.1-Mobile API Gateway-HARDWARE APPLIANCE DUAL CPU
Component:

Resolution

Policy manager administrator user password can be reset using the options below:

 

1. Login to ssgconfig menu and choose option #3 to login as privileged user -> Login into mysql -> run below query to remove the lock: 

 

DELETE from ssg.logon_info WHERE state = "EXCEED_ATTEMPT"; 

 

2. To re-enable access to policy manager run the following steps: 

 

Note: To be able to follow this procedure, you must know the root username and password to log into a privileged shell to access the script to reset this password. When running the script you need the database username and password. 

 

Appliance Gateway Procedure (Physical and Virtual form factors): 

 

1) Connect to the SecureSpan Gateway as the 'ssgconfig' user. 

2) Select option #3: "Use a privileged shell." 

3) Go to the following directory:

 

[[email protected]<gateway_host> ~]# cd /opt/SecureSpan/Appliance/bin 

 

4) Execute the script below: 

 

[[email protected]<gateway_host> ~]# ./resetAdmin.sh [databaseUser] [databasePassword] 

 

NOTE: "databaseUser" and "databasePassword" are the credentials used to access the MySQL database, not the root user credentials for the privileged shell. Additionally, do not use the brackets when typing the username and password into the command prompt. 

 

The shell script will now prompt for the administrative account to use, by default the password is "password." 

 

Software Gateway Procedure: 

 

1) Download the attached resetAdmin.sh script to the server where the Gateway Database is installed. 

2) Execute the following script. 

 

[[email protected]<gateway_host> ~]# ./resetAdmin.sh [databaseUser] [databasePassword] 

 

NOTE: "databaseUser" and "databasePassword" are the credentials used to access the MySQL database, not the root user credentials for the privileged shell. Additionally, do not use the brackets when typing the username and password into the command prompt. 

 

The shell script will now prompt for the administrative account to use, by default the password is "password." 

 

3. By removing login entry from database using below query

 

DELETE from ssg.logon_info WHERE login='admin'; 

 

4. Removal of User Certificate 

 

If the administrative account has a certificate associated with it within the Internal Identity Provider, references to this certificate must be removed from the database before the new credentials will be accepted. The Policy Manager will default to using the certificate before using keyboard-interactive authentication. 

 

To remove this certificate, execute the below query (substituting "admin" for the in-service username of the administrative account): 

 

[[email protected]<gateway_host> ~]# mysql ssg -u root -p7layer -e "delete from client_cert where login='admin'" 

 

Once this is done, you will be able to log in using the newly set username and password.